Git-Mirrors
/
qubes-mirage-firewall
mirror of https://github.com/mirage/qubes-mirage-firewall.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
355 Commits 1 Branch 18 Tags 1 MiB
Commit Graph

355 Commits

Author SHA1 Message Date
Thomas Leonard 997446af6c
Merge pull request #117 from hannesm/kernelopts 
README: use kernelopts='' instead of None
 2020-10-24 13:38:46 +01:00
Hannes Mehnert c173bf1cb0 README: use kernelopts='' instead of None 2020-10-24 12:43:08 +02:00
Thomas Leonard 006801c03e
Merge pull request #112 from roburio/mirage38 
adapt to mirage 3.8.0 changes (ipaddr5, tcpip5); bump opam-repository hash (to get netchannel+mirage-net-xen 0.13.1)
 2020-07-04 13:39:13 +01:00
Hannes Mehnert aebaa2cafc update sha256 from travis run 2020-07-03 16:55:38 +02:00
Hannes Mehnert de0eb9d970 adapt to mirage 3.8.0 changes (ipaddr5, tcpip5); bump opam-repository hash (to get netchannel+mirage-net-xen 0.13.1) 2020-07-03 16:39:06 +02:00
Thomas Leonard 094637b2de
Merge pull request #110 from burghardt/dom0tar 
Do not run tar in dom0 (closes #84).
 2020-06-20 10:59:43 +01:00
Krzysztof Burghardt f9842e8b18
Do not run tar in dom0 (closes #84). 
Do not run tar and bzip2 in dom0 to decompresses and extract archive
data created in, or downloaded to domU as any vulnerabilities in them
can compromise Qubes OS security model.

Instead of that run both tar and bzip2 in domU and copy unikernel to
dom0 as described in official Qubes documentation ["Copying from (and to)
dom0"](https://www.qubes-os.org/doc/copy-from-dom0/#copying-to-dom0).

Auxiliary files required to run unikernel in Qubes OS domU can be easily
created directly in dom0 using trusted tools available there.
 2020-06-20 01:16:29 +02:00
linse 3ee01b5243 changes for 0.7.1 
Co-Authored-By: hannes <hannes@mehnert.org>
 2020-06-19 09:44:15 +00:00
Hannes Mehnert 620bbb5b35 update opam repository commit hash for release 2020-06-19 08:24:18 +00:00
Hannes Mehnert 6dc7de26e3
Merge pull request #103 from roburio/xenstore-client-ip 
Handle other IP formats from xenstore.
 2020-06-18 10:35:06 +02:00
linse b5ec221e2a Handle other IP formats from xenstore. 
Example: "10.137.0.18 fd09:24ef:3178::a19:11"
reported via https://twitter.com/t_grote/status/1262747002334408704
 2020-05-19 17:47:40 +02:00
linse 60ebd61b72 Update documentation. 2020-05-19 16:48:48 +02:00
Hannes Mehnert 49da96d5d9
Merge pull request #101 from roburio/release-0.7 
Release 0.7
 2020-05-19 14:51:11 +02:00
linse 53bf4f960c update to ocaml 4.10 and mirage 3.7.7 2020-05-19 14:35:22 +02:00
linse cc534d9618 Update changes for release. 2020-05-19 11:07:25 +02:00
linse 17ace89ed8
Merge pull request #100 from talex5/changes 
Update changelog
 2020-05-19 11:02:39 +02:00
Thomas Leonard 470160dcb2 Update changelog 2020-05-16 15:20:58 +01:00
Hannes Mehnert 152202b0de
Merge pull request #99 from xaki23/o4100 
bump qubes-builder ocaml-version to 4.10.0 for gcc-10 compatibility
 2020-05-16 11:12:22 +02:00
xaki23 6a1b012527
bump qubes-builder ocaml-version to 4.10.0 for gcc-10 compatibility 2020-05-15 18:36:03 +02:00
Hannes Mehnert d34842e31a
Merge pull request #96 from roburio/squash 
QubesOS 4.0 support
 2020-05-15 17:33:23 +02:00
linse 8927a45f43 [ci skip] Edit CHANGES 2020-05-15 17:31:30 +02:00
linse 2d78d47591 Support firewall rules with hostnames. 
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
Co-Authored-By: Olle Jonsson <olle.jonsson@gmail.com>
Co-Authored-By: hannes <hannes@mehnert.org>
Co-Authored-By: cfcs <cfcs@users.noreply.github.com>
 2020-05-15 16:25:46 +02:00
linse 87df5bdcc0 Read firewall rules from QubesDB. The module Rules contains a rule matcher instead of hardcoded rules now. 
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
 2020-05-15 16:25:46 +02:00
Thomas Leonard 02e515d27c
Merge pull request #95 from hannesm/mirage-nat.2.1.0 
mirage-nat.2.1.0
 2020-02-19 14:27:41 +00:00
Thomas Leonard 65324b4197 Update Dockerfile to get new mirage-nat version 2020-02-19 14:16:49 +00:00
Hannes Mehnert 88fec9fa49 adapt to mirage-nat 2.1.0 API (Nat_packet returns a Fragments.Cache.t - which is now a Lru.F.t) 2020-02-08 15:58:37 +01:00
Hannes Mehnert 554e73a46d cleanup: remove exception cases during Ethernet decode / Nat.of_ipv4_packet - they do not raise exceptions anymore 2020-02-08 15:55:32 +01:00
Thomas Leonard 0ced0ee901
Merge pull request #91 from xaki23/mirage-3.7-qb 
support mirage-3.7 via qubes-builder
 2020-01-14 14:50:22 +00:00
Thomas Leonard 16581b1e2e
Merge pull request #90 from talex5/cleanup 
Minor cleanups
 2020-01-14 12:54:48 +00:00
xaki23 e68962ac48
support mirage-3.7 via qubes-builder 2020-01-13 20:48:46 +01:00
Thomas Leonard 8e714c7712 Removed unreachable Lwt.catch 
Spotted by Hannes Mehnert.
 2020-01-13 10:05:38 +00:00
Thomas Leonard ab3508a936 Remove unused Clock argument to Uplink 2020-01-13 09:54:09 +00:00
Thomas Leonard 48b38fa992 Fix Lwt.4.5.0 in the Dockerfile for faster builds 
Otherwise, it installs Lwt 5 and then has to downgrade it in the next
step.
 2020-01-13 09:49:37 +00:00
Thomas Leonard e851565823
Merge pull request #89 from roburio/mirage-3.7 
support Mirage 3.7 and mirage-nat 2.0.0
 2020-01-13 09:45:04 +00:00
Hannes Mehnert a734bcd2d3 [ci skip] adjust expected sha256 2020-01-11 16:01:08 +01:00
Hannes Mehnert 730957d19b upgrade opam repository to current head and mirage to 3.7.4 2020-01-11 15:46:22 +01:00
Hannes Mehnert 28bda78d20 fix deprecation warnings (Mirage_clock_lwt -> Mirage_clock) 2020-01-11 15:46:02 +01:00
Hannes Mehnert 3fc418e80c qualify all return with Lwt, use Lwt.return_unit where possible 2020-01-11 15:44:30 +01:00
Hannes Mehnert 0f476c4d7b mirage-nat 2.0.0 and mirage-qubes 0.8.0 compatibility 2020-01-11 15:36:02 +01:00
Hannes Mehnert c66ee54a9f revert bc7706cc97, mirage-xen since 5.0.0 reverted the split of OS into Os_xen 2020-01-11 14:34:25 +01:00
Thomas Leonard e8f62b8532
Merge pull request #88 from xaki23/pin-mirage-3.5.2 
pin mirage to 3.5.2 for qubes-builder builds
 2019-12-28 19:50:47 +00:00
xaki23 43656be181
pin mirage to 3.5.2 for qubes-builder builds 2019-12-27 23:19:35 +01:00
Thomas Leonard dab790cb68
Merge pull request #83 from marmot1791/marmot1791-patch-readme 
Note that AppVM Size may need to increase
 2019-12-14 12:05:46 +00:00
Snowy Marmot dad1f6a723
Update per review 
Update with suggested wording per talex5
 2019-12-14 00:24:55 +00:00
Snowy Marmot 315fe4681e
Note that AppVM Size may need to increase 
Add note that AppVM used to build from source may need a private image larger than the default 2048MB.
 2019-11-27 16:01:58 +00:00
Thomas Leonard 706be3d823
Merge pull request #81 from talex5/upstream-updates 
Fix build
 2019-11-18 09:46:14 +00:00
Thomas Leonard 930d209cdb Fix build 
- A new ocaml-migrate-parsetree.1.4.0 was released, replacing the old
  1.4.0 with new code. This was rejected by the checksum test.
  Fixed by updating to the latest opam-repository.
  See: https://github.com/ocaml/opam-repository/pull/15294

- The latest opam-repository pulls in mirage 3.7, which doesn't work
  (`No available version of mirage-clock satisfies the constraints`), so
  pin the previous mirage 3.5.2 version instead.

- Mirage now generates `.merlin`, so remove it from Git.
 2019-11-17 14:33:56 +00:00
Thomas Leonard 32e4b8a31a
Merge pull request #80 from talex5/upstream-updates 
Upstream updates
 2019-08-25 19:09:54 +01:00
Thomas Leonard 49195ed5e1 Update Docker build for new mirage-xen 
Also, switched to the experimental new OCurrent images, as they are much
smaller:

- Before: 1 GB (ocaml/opam2:debian-10-ocaml-4.08)
- Now:  309 MB (ocurrent/opam:alpine-3.10-ocaml-4.08)
 2019-08-25 19:01:22 +01:00
xaki23 bc7706cc97
rename things for newer mirage-xen versions 2019-08-25 18:12:59 +02:00